Is the IT Skills Shortage Jeopardizing Your IT Security and Compliance?

There’s no doubt that digital transformation can help make an organization more competitive. Technology lets us do things faster, better, and cheaper than our competition. But there’s a dark side of digital transformation that IT and business leaders need to take very seriously.

The World Economic Forum conducted a survey in 2018 to see which technologies organizations expected to adopt by 2022. The results are pretty interesting. For example, 73% of organizations anticipated deploying machine learning, a technology which, not too long ago, most considered to be “future-tech.” Even augmented and virtual reality is expected to be adopted by more than half (58%) of companies.

The drive to adopt these technologies is going to accelerate the growing IT skills gap seen around the world. IDG’s State of the CIO 2019 study highlighted just how troublesome the skills shortage is becoming. The greatest concerns were in the area of data science and analytics, with 42% saying they anticipated having trouble filling those open roles in the coming year. That was followed by security and risk management (33%), AI/machine learning (31%), and cloud services/integration (22%).

As more organizations adopt new technologies, this shortage is only going to get worse. The Bureau of Labor Statistics expects job openings in computer and information technology occupations to grow 13% from 2016 to 2026, outpacing the growth of job openings in all other occupations.

The IT Skills Gap You Can’t Afford to Overlook

If organizations can’t find the staff they need, it will create a drag on their digital transformation aspirations. But while recruiters are out looking for thought leaders with AI and machine learning skills, they may end up leaving openings in other vital areas unfilled.

As cited above, fewer than a quarter of the respondents to the IDG survey said they were concerned about finding talent in cloud services/integration. It’s not because there aren’t shortages in that area. Our work with organizations tells us that there are. More likely, IT leaders just aren’t as focused on those skills gaps as they are on staffing up for things to come. After all, they can offload a lot of the day-to-day infrastructure management requirements simply by deploying resources in a public cloud like AWS or Azure, right?

For organizations concerned about IT security and compliance, that’s a dangerous assumption to make. One rookie mistake setting up workloads in the cloud could result in a data breach that costs your organization millions in fines and remediation.

A New Jersey healthcare provider inadvertently left an Elastic database (a SQL feature of Azure) set to open, exposing sensitive information including patient names, addresses, phone numbers, and dates of birth along with detailed medical information – even social security numbers.

A Sacramento, CA-based medical software provider unintentionally removed security protocols on a fax server that housed more than 6 million records, which allowed healthcare faxes to be viewed over the internet.

Thanks to the inadvertent removal of security protections on a website server, UW Medicine exposed the records of almost 1 million patients online.

All of these incidents appear to be honest mistakes, potentially caused by an IT technician (or someone outside of IT) who didn’t quite understand what they were doing.

Two Ways to Protect Yourself

There are a couple of ways you can protect yourself from mistakes like these:

Managed Clouds – If you’re not confident your in-house staff has the skills to manage your cloud deployments, get help. A qualified managed service provider will work with you to determine where your weaknesses are and then propose solutions to shore up your IT security and compliance defenses.

Increased Vigilance – Even if you believe you have the staff you need, mistakes happen. The right Cloud Management Platform can provide visibility into all of your cloud resources, alerting you to issues that increase your risk or need immediate remediation.

Let’s look at how that works in the TRiA Cloud Management Platform. This solution comes bundled with all of our Managed Cloud Services but is also available as a separate license.

First of all, TRiA has more than 200 built-in IT security and compliance checks which cover common standards like HIPAA, PCI DSS, NIST, GDPR, etc. These checks can also be customized to meet unique needs such as a best practice or local regulation.

Compliance checks are regularly run against your cloud resources (AWS, Azure, GCP, etc.). When a resource is found out of compliance, an alert is sent to the appropriate personnel. The screenshot below shows several alerts for issues that are potentially out of compliance with SOC 2.

Keep in mind, cloud management platforms like TRiA are remediation tools. If something is misconfigured, they can limit your exposure by alerting you to the problem. Time-to-remediation can make a difference to organizations like the OCR, which is responsible for overseeing HIPAA enforcement, so this is no small benefit.

However, prevention requires staffing up to avoid those errors in the first place, either by increasing your focus on recruiting in this area or working with a partner like Connectria that can help you close the IT skills gap in your organization.